This documents the ISMS Policy, as released on 2020-08-03
We, the management of Flying Circus Internet Operations, decided to establish an Information Security Management System (ISMS) according to the international standard ISO/IEC 27001.
This ISMS policy represents the basis of the organisational ISMS, defining the elementary goals, strategies, and the framework of the ISMS.
We mainly operate in the area of the managed hosting of critical business applications.
Information security is crucial for our economic viability. The ISMS
ensures information is secured in relation to the required protection level
helps us to avoid violating information security,
and thus protect our customers and ourselves from economical damage.
The targeted security level represents the baseline for a risk-oriented and economically appropriate procedure. Internal requirements (company rules or standards) and external requirements (customer, legal, or regulatory obligations) are duly considered.
To reach the objective and to take on overall responsibility the management of FCIO establishes an ISMS, an information security organisation, and ensures sufficient resources.
This ISMS policy defines the management’s mandate towards the information security organisation to plan, implement, control, and continually improve a risk-based ISMS under due consideration of internal and external requirements.
Goals and Principles of Information Security¶
Information security at FCIO plays a significant role to accomplish the business objectives. There must be appropriate safeguards to secure the confidentiality, integrity, authenticity, and availability of information. This will help us to:
ensure safety of operation,
avoid unacceptable economical damage to us and our customers,
comply with legal provisions, regulatory requirements, and
comply with unit specific policies, business directives and procedures.
This leads to the following goals regarding information security:
Ensure that information security is managed at an adequate level of maturity.
Ensure that all significant risks are identified, evaluated, and reduced to an acceptable level – taking into account the entire value chain and life cycle of information and its associated resources.
Engage staff and ensure that they follow specific policies, business directives, and procedures for information security.
Ensure that service providers and partner companies follow relevant requirements out of specified policies, business directives, and procedures for information security.
The commitment to accomplish the above goals is to be carried forward into practice through the following key points:
The management assumes personal responsibility for information security and demonstrates active leadership.
We establish an ISMS which complies to ISO/IEC 27001.
There is open, transparent exchange with customers, partner companies, and service providers regarding information security.
Staff is appropriately educated, trained, and informed to follow defined policies, business directives, and procedures for information security.
Trends, developments, upcoming threats in information security are actively observed and assessed with regard to their relevance to us.